You'll need to enable NTFS file system auditing to get user details. Once enabled you can get the information from the Windows Security event log and forward it to a central log collector to analyse. Much more reliable than running a file system watcher via PowerShell or C# because NTFS file system auditing is embedded into the NTFS file system driver of Windows.